How do I view the listen backlog of a TCP socket?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
  • TCP connections in LISTEN state

Issue

  • How do I view the size of the backlog of a tcp socket in "LISTEN" state?
  • How can I see the current and maximum count of handshaken TCP connections waiting in the listen() backlog of a socket waiting to have accept() called on them?
  • How can I tell if increasing net.core.somaxconn and listen(int sockfd, int backlog); has worked?

Resolution

Use the ss -lt command to view all TCP sockets in the "LISTEN" state.

If a tcp socket is in the established state, Recv-Q and Send-Q mean bytes as it's described in the documentation.
If a tcp socket is in listening state, Recv-Q means current queue size, and Send-Q means configured backlog.

For example, the following shows the sshd listening with a backlog of 128, and MySQL listening with a backlog of 50:

# ss -lt
State       Recv-Q Send-Q       Local Address:Port          Peer Address:Port
LISTEN      0      128                      *:ssh                      *:*   
LISTEN      0      50                       *:mysql                    *:*

The ss shows as the current backlog minimum from these two values:

/proc/sys/net/core/somaxconn

somaxconn - INTEGER
    Limit of socket listen() backlog, known in userspace as SOMAXCONN.
    Defaults to 128.  See also tcp_max_syn_backlog for additional tuning
    for TCP sockets.

and the backlog param of listen per socket call 

       int listen(int sockfd, int backlog);

DESCRIPTION
       listen()  marks  the socket referred to by sockfd as a passive socket, that is, as a socket that
       will be used to accept incoming connection requests using accept(2).

       The sockfd argument is a file descriptor  that  refers  to  a  socket  of  type  SOCK_STREAM  or
       SOCK_SEQPACKET.

       The  backlog  argument  defines the maximum length to which the queue of pending connections for
       sockfd may grow.  If a connection request arrives when the queue is full, the client may receive
       an  error with an indication of ECONNREFUSED or, if the underlying protocol supports retransmis‐
       sion, the request may be ignored so that a later reattempt at connection succeeds.

Root Cause

ss is the netstat replacement in the iproute tools, similar to how the old ifconfig and route and arp are deprecated in favor of the ip command.

SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.